Pages

Saturday, July 1, 2017

You notice that the ECP / EAC page no longer load properly upon successfully logging in after reassigning the new certificate, deleting the old certificate and restarting the server:

Reviewing the event logs show the following error constantly logged on the Exchange server(s):

Log Name: System

Source: HttpEvent

Event ID: 15021

Level: Error

An error occurred while using SSL configuration for endpoint 0.0.0.0:444. The error status code is contained within the returned data.

Solution

The error above could be caused by the port 444 SSL certificate binding continuing to reference the old deleted certificate. To determine whether this is the case, start the command prompt and execute the following command:

netsh http show sslcert

The command should list the SSL certificate bindings for the server similar to the following:

Confirm that the IP:port : 0.0.0.0:444 is indeed referencing the old certificate by reviewing the thumbprint of the old deleted certificate with the Certificate Hash:

Note that the thumbprint in the screenshot above matches the certificate hash generated above. Once confirmed that the IP:port : 0.0.0.0:444 is indeed referencing the old certificate, proceed to delete the binding by executing the following command:

netsh http delete sslcert ipport=0.0.0.0:444

Execute netsh http show sslcert to confirm that the binding has been deleted:

Proceed with creating the binding with the new certificate by executing a command that references the ApplicationID that we made a note of earlier:

Application ID : {4dc3e181-e14b-4a21-b022-59fc669b0914}

… and obtaining the thumbprint of the new certificate that we’ll be using: